How to find last moved item and last selected character + stats

Mar 3, 2017
#1
I was trying to get the last moved item by changing the durability, and when I got the address I used dissect data/structures to find (at least) its stats or quantity, but I didn't find one.
For the last selected character I was scanning for 1 0 1 0 (I think you will get it). I found it and tried to get his stats, without finding them by a normal scan, by using (again) dissect data/structures, and I got useless addresses (I think so). Then I tried to get just static addresses for the stats by finding them manually and trying to find the static one using a multi-level pointer, and again failed after the first pointer. (Also, when I searched for the stats I got about 5 addresses and only one of them was real; this also happened when I searched for 1 0 1 0 and came up with 5 or more addresses (I tried to dissect all of them in groups).) The game is Divinity Original Sin 2. (Sorry for bad English.)
 

Squall8

RCE Fanatics
Talents
Mar 3, 2017
#2
If you're talking about making a mouseover pointer you need to find something each item/character has in common, such as item id/quantity or character id/stats and so on. Once you've found a good value, debug with 'what accesses'. Then quickly hover over the item or character. You should see an instruction pop up when you do. Use that instruction as your injection point.
 
Mar 3, 2017
#3
Squall8 said:
If you're talking about making a mouseover pointer you need to find something each item/character has in common, such as item id/quantity or character id/stats and so on. Once you've found a good value, debug with 'what accesses'. Then quickly hover over the item or character. You should see an instruction pop up when you do. Use that instruction as your injection point.
I tried to do this and came up with the problem that when I hover over it, it doesn't give me any instructions. Also, I tried to split the item and do something like Zanzer did in his table, and I came up with this:
Code:
[ENABLE]
aobscanmodule(last_item_moved,EoCApp.exe,41 8B 96 2C 01 00 00 49) // should be unique
alloc(newmem,$1000,last_item_moved)

label(code)
label(return)
label(last_item_moved_ptr)

newmem:
  // r14 holds the item structure pointer at the injection point; save it.
  // rdx is clobbered here, but the original instruction overwrites edx anyway.
  mov rdx,last_item_moved_ptr
  mov [rdx],r14
code:
  mov edx,[r14+0000012C] // original instruction
  jmp return

last_item_moved_ptr:
  dq 0

last_item_moved:
  jmp newmem // 5 bytes + 2 nops = the 7-byte original instruction
  nop
  nop
return:
registersymbol(last_item_moved)
registersymbol(last_item_moved_ptr)

[DISABLE]

// restore the original bytes; the symbol here must match the aobscanmodule name
last_item_moved:
  db 41 8B 96 2C 01 00 00

unregistersymbol(last_item_moved)
unregistersymbol(last_item_moved_ptr)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "EoCApp.exe"+9A997D

"EoCApp.exe"+9A9949: 48 8B 0D 48 C6 C5 00        -  mov rcx,[EoCApp.exe+1605F98]
"EoCApp.exe"+9A9950: E8 5B F0 E8 FF              -  call EoCApp.exe+8389B0
"EoCApp.exe"+9A9955: 48 8B C8                    -  mov rcx,rax
"EoCApp.exe"+9A9958: 48 C7 44 24 28 00 00 00 00  -  mov [rsp+28],00000000
"EoCApp.exe"+9A9961: 48 8D 05 58 D4 C5 00        -  lea rax,[EoCApp.exe+1606DC0]
"EoCApp.exe"+9A9968: 4C 8B C3                    -  mov r8,rbx
"EoCApp.exe"+9A996B: 4C 8D 4C 24 40              -  lea r9,[rsp+40]
"EoCApp.exe"+9A9970: 48 89 44 24 20              -  mov [rsp+20],rax
"EoCApp.exe"+9A9975: 48 8B D7                    -  mov rdx,rdi
"EoCApp.exe"+9A9978: E8 43 2F FF FF              -  call EoCApp.exe+99C8C0
// ---------- INJECTING HERE ----------
"EoCApp.exe"+9A997D: 41 8B 96 2C 01 00 00        -  mov edx,[r14+0000012C]
// ---------- DONE INJECTING  ----------
"EoCApp.exe"+9A9984: 49 8B CE                    -  mov rcx,r14
"EoCApp.exe"+9A9987: 2B D6                       -  sub edx,esi
"EoCApp.exe"+9A9989: 48 8B D8                    -  mov rbx,rax
"EoCApp.exe"+9A998C: E8 AF BF FC FF              -  call EoCApp.exe+975940
"EoCApp.exe"+9A9991: 8B D6                       -  mov edx,esi
"EoCApp.exe"+9A9993: 48 8B CB                    -  mov rcx,rbx
"EoCApp.exe"+9A9996: E8 A5 BF FC FF              -  call EoCApp.exe+975940
"EoCApp.exe"+9A999B: 49 8D 96 F8 00 00 00        -  lea rdx,[r14+000000F8]
"EoCApp.exe"+9A99A2: 48 8B CB                    -  mov rcx,rbx
"EoCApp.exe"+9A99A5: E8 06 AF FC FF              -  call EoCApp.exe+9748B0
}
I think I messed up.
 

Squall8

RCE Fanatics
Talents
Mar 3, 2017
#4
You may have to dig a little deeper in the item structure. There is usually a byte that refers to what kind of item it is. For example, 0=materials, 1=consumables, and 2=key items. If you can find that byte and do the same process as I mentioned above, you should be able to make a successful mouseover script.

Alternatively you can try the same steps as above, except instead of hovering over an item just move it.
 
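A mouseover / last-moved-item script along the lines Squall8 describes in posts #2 and #4, added here as an example; it is not code from either poster. It reuses the injection point already found in this thread (the `mov edx,[r14+0000012C]` instruction, where r14 holds the item structure) and adds the filter from post #4: a compare on an item-kind byte, so only pointers to the wanted kind of item are stored. The names `hover_hook`, `hover_item_ptr`, `item_kind_offset` and `wanted_kind` are chosen for this example, and the offset `4C` and value `1` are placeholders, to be replaced with whatever dissect data/structures shows for this game; nothing on the page gives the real ones.

```asm
[ENABLE]
// Injection point: the instruction 'what accesses' pointed at in this thread.
// When it runs, r14 holds the pointer to the item structure.
aobscanmodule(hover_hook,EoCApp.exe,41 8B 96 2C 01 00 00 49) // should be unique
alloc(newmem,$1000,hover_hook)

// ASSUMPTION (placeholder values): offset of the item-kind byte inside the
// item structure and the kind we want to keep, e.g. 1 = consumables.
// Find the real offset with dissect data/structures and replace both.
define(item_kind_offset,4C)
define(wanted_kind,1)

label(code)
label(return)
label(hover_item_ptr)

newmem:
  pushfq                                          // cmp below clobbers flags; save them
  cmp byte ptr [r14+item_kind_offset],wanted_kind
  jne code                                        // not the kind we want: skip the store
  mov [hover_item_ptr],r14                        // remember the last matching item
code:
  popfq
  mov edx,[r14+0000012C]                          // original instruction, always executed
  jmp return

hover_item_ptr:
  dq 0

hover_hook:
  jmp newmem                                      // 5 bytes + 2 nops = 7-byte original
  nop
  nop
return:
registersymbol(hover_hook)
registersymbol(hover_item_ptr)

[DISABLE]
hover_hook:
  db 41 8B 96 2C 01 00 00                         // restore the original instruction

unregistersymbol(hover_hook)
unregistersymbol(hover_item_ptr)
dealloc(newmem)
```

Once enabled, add an address to the table with base `hover_item_ptr` (as a pointer) and the offset of the field you want, for example 12C for the field this instruction reads; the entry then follows whichever matching item last went through the hook. `pushfq`/`popfq` keep the compare from disturbing flags the surrounding code might still need, and `jne code` skips only the store, never the original instruction, so the game's own read always runs.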